php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #46433 imagecreatefrom(...) leaks memory on errors
Submitted: 2008-10-30 16:42 UTC Modified: 2009-06-16 16:36 UTC
From: ak at pre-secure dot de Assigned: pajoye (profile)
Status: Not a bug Package: GD related
PHP Version: 5.2.9 OS: Linux (OpenSUSE)
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ak at pre-secure dot de
New email:
PHP Version: OS:

 

 [2008-10-30 16:42 UTC] ak at pre-secure dot de 
Description:
------------
When trying to create an image from a file and an error occures PHP will lose some memory. 

Reproduce code:
---------------
while(true) {
    print "\nMemory: ".memory_get_usage();
    imagecreatefrompng("anyimage.png");
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-10-30 16:49 UTC] crrodriguez at opensuse dot org 
memory usage is constant for me, are you sure you are using version 5.2.6 ?
 [2008-10-30 16:49 UTC] felipe@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

I can't reproduce it using 5.2.7CVS.
 [2008-10-31 13:20 UTC] ak at pre-secure dot de 
I have to admit that my initial bugreport is a litte bit too unspecific. 

The memory problem only occures if the image is "tainted", f.e. taking a valid png and change a arbitrary line in the source. 

This will result in an error like this:
PHP Warning:  imagecreatefrompng(): gd-png:  fatal libpng error: IDAT: CRC error in  ----
and a rapid growth of the memory usage.
 [2008-10-31 13:42 UTC] pajoye@php.net 
Please provide an example image (link to it or drop me a mail).
 [2008-10-31 13:43 UTC] ak at pre-secure dot de 
Seems to be fixed with the newest snapshot. Cannot reproduce it anymore.
 [2008-10-31 13:45 UTC] pajoye@php.net 
not a bug > bogus
 [2009-06-11 13:11 UTC] ak at pre-secure dot de 
I was able to reproduce the Problem with the current release. It occurs if you try to open an image with an crc error.

Reproduce code:
---------------
while(true) {
    print "\nMemory: ".memory_get_usage();
    imagecreatefrompng("anyimage.png");
}

Image:
--------------
http://drahop.de/php/anyimage.png
 [2009-06-11 13:17 UTC] pajoye@php.net 
Run a single pass through valgrind please.
 [2009-06-16 13:35 UTC] ak at pre-secure dot de 
==18171== Memcheck, a memory error detector.
==18171== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==18171== Using LibVEX rev 1854, a library for dynamic binary translation.
==18171== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==18171== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==18171== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==18171== For more details, rerun with: -v
==18171==

Memory: 104664PHP Warning:  imagecreatefrompng(): gd-png:  fatal libpng error: IDAT: CRC error in /srv/www/htdocs/ak/memtest.php on line 5
PHP Warning:  imagecreatefrompng(): gd-png error: setjmp returns error condition in /srv/www/htdocs/ak/memtest.php on line 5
PHP Warning:  imagecreatefrompng(): 'anyimage.png' is not a valid PNG file in /srv/www/htdocs/ak/memtest.php on line 5
==18171==
==18171== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 96 from 2)
==18171== malloc/free: in use at exit: 7,917 bytes in 15 blocks.
==18171== malloc/free: 13,027 allocs, 13,012 frees, 4,751,157 bytes allocated.
==18171== For counts of detected errors, rerun with: -v
==18171== searching for pointers to 15 not-freed blocks.
==18171== checked 525,192 bytes.
==18171==
==18171== LEAK SUMMARY:
==18171==    definitely lost: 0 bytes in 0 blocks.
==18171==      possibly lost: 0 bytes in 0 blocks.
==18171==    still reachable: 7,917 bytes in 15 blocks.
==18171==         suppressed: 0 bytes in 0 blocks.
==18171== Rerun with --leak-check=full to see details of leaked memory.
 [2009-06-16 15:14 UTC] pajoye@php.net 
==18171== ERROR SUMMARY: 0 errors from 0 contexts

No error. Still bogus.
 [2009-06-16 15:42 UTC] ak at pre-secure dot de 
Did you at least try to reproduce it? I tested it on various machines with the given script and image. It will crash in no time cause it allocates to much memory.
 [2009-06-16 16:16 UTC] pajoye@php.net 
I already said that it was working here.

pierre@ubuntu:~/cvs/php53/bld$ ./sapi/cli/php -r "imagecreatefrompng('http://drahop.de/php/anyimage.png');"

Warning: imagecreatefrompng(): gd-png:  fatal libpng error: IDAT: CRC error in Command line code on line 1

Warning: imagecreatefrompng(): gd-png error: setjmp returns error condition in Command line code on line 1

Warning: imagecreatefrompng(): 'http://drahop.de/php/anyimage.png' is not a valid PNG file in Command line code on line 1

There is no error either through valgrind.

And yes, the memory usage of PHP MM increases as you keep creating errors, but the memory is freed when it exits >> no leak.

If you read the valgrind output you pasted here, you will see that it did not find any error either...
 [2009-06-16 16:36 UTC] derick@php.net 
I can't reproduce this either, the memory usage stays at 8208.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Sep 16 20:00:01 2025 UTC